package com.lock.immersive.aop;

import com.lock.immersive.annotation.AuthCheck;
import com.lock.immersive.exception.BusinessException;
import com.lock.immersive.mapper.UserMapper;
import com.lock.immersive.pojo.domain.User;
import com.lock.immersive.pojo.enums.Identity;
import com.lock.immersive.service.UserService;
import com.lock.immersive.utils.ErrorCode;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

import com.lock.immersive.utils.JWT;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@Aspect
@Component
public class AuthInterceptor {

    @Resource
    private UserService userService;

    @Resource
    private UserMapper userMapper;

    /**
     * 执行拦截
     *
     * @param joinPoint
     * @param authCheck
     * @return
     */
    @Around("@annotation(authCheck)")
    public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
        String mustRole = authCheck.mustRole();
        RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
        String token = request.getHeader("token");
        if(StringUtils.isBlank(token)){
            throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
        }
        // 当前登录用户
        User loginUser = userService.getLoginUser(request);
        if(loginUser == null){
            throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
        }
        // 必须有该权限才通过
        if (StringUtils.isNotBlank(mustRole)) {
            Identity mustUserRoleEnum = Identity.getEnumByValue(mustRole);
            if (mustUserRoleEnum == null) {
                throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
            }
            Identity userRole = loginUser.getIdentity();
            // 如果被封号，直接拒绝
            if(userRole.equals(Identity.BAN)){
                throw new BusinessException(ErrorCode.FORBIDDEN_ERROR);
            }
            // 必须有超级管理员权限
            if (Identity.SUPERMANAGER.equals(mustUserRoleEnum)) {
                if (!mustUserRoleEnum.equals(userRole)) {
                    throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
                }
            }
            // 必须有管理员或者客服权限
            if (Identity.MANAGER.equals(mustUserRoleEnum)) {
                if (!mustUserRoleEnum.equals(userRole) && !Identity.SUPERMANAGER.equals(userRole)) {
                    throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
                }
            }

        }
        // 通过权限校验，放行
        return joinPoint.proceed();
    }
}

